ESXi 6.5 SNMP Configuration
ESXi SNMP configuration is one of those things everyone knows, does once in a while, and Googles every time. As our infrastructure grows, we need to add a monitoring system to know what is going on on our servers, where our bottleneck is, and when it’s time to add new hardware.
There is a lot of monitoring software out there, and most of it uses the old SNMP protocol for basic monitoring tasks. So, to be able to monitor our VMware hosts, we need to enable SNMP and allow connections through the ESX firewall.
We are going to use the CLI to enable SNMP in ESXi, so we need to enable SSH, configure SNMP, and enable SNMP on the ESXi firewall.
Enable SSH on ESXi
In vSphere Web Client, click on the server on which you want to enable SSH, go to Configure -> System -> Security Profile, and click Edit. Follow the steps in the picture below.
ESXi SNMP Configuration
Log in to the VMware host using SSH and root credentials, then set the community string that you are going to use and enable the SNMP service.
esxcli system snmp set --communities YOUR_COMMUNITY_STRING
esxcli system snmp set --enable true
Replace YOUR_COMMUNITY_STRING with the community string you are going to use. Usually this is Private or Public, but I think you need to use a unique string for security reasons.
Enable SNMP on ESXi firewall
Now we need to add a firewall rule to allow inbound SNMP traffic to our ESXi host. For this, we have two options:
- Allow all traffic for SNMP
- Allow traffic from specific hosts or subnets
Allow traffic from All hosts
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all true
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
Allow traffic from specific hosts or subnets
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 192.168.1.0/24
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
Restart SNMP Service
Now that we have done our VMware 6.5 SNMP configuration, we need to restart the SNMP service.
/etc/init.d/snmpd restart
Finally here is my CLI command list that you can edit and paste. I’ve changed the community string and I’m using my private LAN subnet to allow it on the ESXi firewall.
esxcli system snmp set --communities vionstring
esxcli system snmp set --enable true
esxcli network firewall ruleset set --ruleset-id snmp --allowed-all false
esxcli network firewall ruleset allowedip add --ruleset-id snmp --ip-address 10.90.20.0/23
esxcli network firewall ruleset set --ruleset-id snmp --enabled true
/etc/init.d/snmpd restart
It should look like this:
I’m going to use my configuration all the time and stop searching for it. Also, don’t forget to DISABLE SSH on your VMware hosts.
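To confirm a host did not end up with the two weak settings mentioned above (a Public/Private community string, or the snmp ruleset open to all hosts), here is an added audit function that is not part of the original post. It parses the text printed by `esxcli system snmp get` and `esxcli network firewall ruleset allowedip list --ruleset-id snmp`; the output layouts it expects are assumptions, the function name is hypothetical, and the sample text is constructed.

```sh
# Audit text captured from an ESXi host for the two weak settings discussed above.
# $1: output of `esxcli system snmp get` (assumed "Key: value" lines)
# $2: output of `esxcli network firewall ruleset allowedip list --ruleset-id snmp`
audit_snmp() {
    snmp_out=$1
    fw_out=$2
    # "Communities:" holds a comma-separated list; flag the well-known defaults.
    communities=$(printf '%s\n' "$snmp_out" |
        sed -n 's/^[[:space:]]*Communities:[[:space:]]*//p' | tr ',' '\n')
    for c in $communities; do
        case $(printf '%s' "$c" | tr '[:upper:]' '[:lower:]') in
            public|private) echo "WEAK_COMMUNITY $c" ;;
        esac
    done
    # An allowed-IP entry of "All" means --allowed-all is still true.
    if printf '%s\n' "$fw_out" |
        awk '$1 == "snmp" && $2 == "All" { found = 1 } END { exit !found }'; then
        echo "FIREWALL_OPEN snmp ruleset accepts any source"
    fi
    return 0
}

# Constructed sample output (not captured from a real host).
SAMPLE_SNMP_WEAK='   Communities: public
   Enable: true
   Port: 161'
SAMPLE_FW_OPEN='Ruleset  Allowed IP Addresses
-------  --------------------
snmp     All'
SAMPLE_SNMP_OK='   Communities: vionstring
   Enable: true
   Port: 161'
SAMPLE_FW_OK='Ruleset  Allowed IP Addresses
-------  --------------------
snmp     10.90.20.0/23'

# On the host: audit_snmp "$(esxcli system snmp get)" \
#     "$(esxcli network firewall ruleset allowedip list --ruleset-id snmp)"
audit_snmp "$SAMPLE_SNMP_WEAK" "$SAMPLE_FW_OPEN"
```

No output means neither weak setting was found.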